Application Definition
We define application as a Client and Service.
Client can be understood either as an OAuth 2.0 Client or as a SAML Service Provider.
Client applications consume tokens and assertions issued by Cloudentity. Applications may use tokens for user authentication or service consumption.
Essentially, the whole set of services in a Cloudentity Workspace constitutes the OAuth 2.0 Resource Server. Cloudentity recognizes that such a server can expose a large number of APIs grouped into particular services, and consequently represents this in the Workspace in order to allow for more fine-grained access control.
To reflect the the application architecture, make management easier, and make it more intuitive for client application developers Cloudentity associates scopes and APIs to services.
Cloudentity also reflects microservices as services within a Workspace. These services have their own identity that is used to perform access control within distributed application. The internal microservices may not be part of the resource server as while communicating between each other they don’t use access tokens issued by the Workspace authorization server.
Client Application Types
Depending on the client application type, different settings are applied by default.
OAuth
Type | Configured Grant Types | Configured Response Types | Default Token Endpoint AuthN Method | Other |
---|---|---|---|---|
Single Page | Authorization Code Flow | Code, Token, ID Token | None | No client secret avaiable, public client |
Server-Side Web | Authorization Code Flow | Code, Token | client_secret_post | Private client |
Mobile/Desktop (Native App) | Authorization Code Flow | Code, Token, ID Token | None | No client secret avaiable, public client |
Service | Client Credentials Flow | Token | client_secret_post | Private client |
Single Page (Legacy) | Implicit Flow | Token | None | No client secret available, public client |
SAML
Type | Description |
---|---|
SAML Service Provider | Application that receives and accepts SAML assertions. |
Add Apps
With Cloudentity, you can:
-
Add client apps manually:
-
Add services:
-
By using automatical service discovery when connecting Cloudentity Authorizers to API gateways or service meshes.
-
Enable developers to dynamically register their apps using OAuth DCR
-
Enable developers to create applications and services using Cloudentity developer portals
Cloudentity exposes a SAML SSO login and metadata endpoints for SAML apps and protects their resources by enforcing the assigned policies (such as MFA requirements for users).